Cyber security issues are the dark and often invisible underminer of many small businesses that operate in today’s digital era. Don’t fall into the trap of thinking that you’re safe from cyber crime because you’re not a mega-corporation; cyber criminals do not discriminate. If any of your business operations require internet, then you require protection.
Keep reading to learn about how cyber liability insurance helps support businesses and how Hunter Broking Group can help protect your business from the pitfalls of a cyber security incident.
What is Cyber Liability Insurance?
Cyber Liability insurance is designed to protect you or your business against the risks of using the internet. You don’t need to be running a digital business to be in digital danger; cyber risks are ever-present. Many small business owners remain oblivious to the cyber risks that pose a threat to their life’s work.
Cyber insurance doesn’t just mean a bank repaying money taken from your account. It can extend to helping recover your business after suffering a data breach. Think of how costly business disruption can be, and now consider the enormity of needing to try and rebuild your business reputation, recoup lost revenue, repair damaged equipment or even fund public relations expenses or legal fees. One click is all it takes to suffer a cyber event that can quickly snowball.
Thankfully, a robust Cyber Insurance policy can help prevent a cyber snowball from turning into an avalanche by providing the necessary cyber coverage to get your business moving again.
How Cyber Insurance protected Sarah’s business
Consider the example of Sarah (not her real name). Sarah ran a successful suburban financial planning business. With a turnover sitting between $500,000 and $800,000, she had worked hard to win the trust of over 150 clients and was going from strength to strength. Then, completely out of the blue, Sarah received some shocking information; the cloud-based software that Sarah used as her CRM (Customer Relationship Management) system and to store all of her client’s confidential information had been accessed by an unknown, unauthorised identity.
Sarah couldn’t believe what she was hearing — she had absolutely no idea her business had suffered a cyber incident of unauthorised access. Worse still, the identity had deleted data relating to half of her client base. Sarah had been hacked and was terrified. Who hacked her? Was the client information recoverable and how was she going to tell her clients? She wasn’t able to get back into her CRM which meant cancelling her client appointments and being unable to meet her contractual obligations to her clients.
Unfortunately, that wasn’t the end of the cyber attack. Sarah’s business was now being demanded to pay a ransom by a first-party hacker in order to retrieve the lost data; her business was now the victim of cyber extortion.
Once Sarah had lodged her claim for the cyber security breach, the insurer’s incident response team was quick to bring on board IT forensic consultants to help determine if her system was compromised. The response team aided Sarah in notifying the Privacy Commissioner of the data breach and was able to cover the hefty cost of the ransom to recover her customer data.
The total claim cost of the cyber attack was close to $200,000 including covering the cost of her business interruption, regulatory investigations, legal costs and forensics. Sarah’s Cyber Liability insurance cover was instrumental in helping her business recover.
What kind of cyber threats are there?
When most of us think about cyber threats, we consider cyber attacks from hackers trying to access our personal information, or installing potentially devastating malware on our computer systems. While these risks are common, unfortunately not all cyber incidents are at the hands of criminals. Human error is to blame for an alarmingly high percentage of cyber data breaches.
The variety of cyber threats is staggering. Below are some of the most common cyber security risks.
One of the older forms of cyber attacks that still lurk around is phishing emails or phishing attacks. These attacks come in the form of an email or message that request sensitive data such as passwords. They are deceiving, as the cyber criminals behind them go to great lengths to make them appear as though they are from legitimate sources.
Data breaches come in many shapes and forms, and are often due to innocent, but costly errors at the hand of humans. Losing computers, mobiles or USB drives are a good example of data breaches. If you have ever hit ‘send’ on an email, only to quickly realise that it was not sent to your intended recipient, then this constitutes a data breach if there was any personally identifiable information within the email (including sensitive details).
Of course, there are also deliberate breaches of data that can prove more sinister. These include theft of hardware and unauthorized access to your data. Compromised data not only puts your business at risk, but can open up your customers to the vulnerability of fraud or identity theft.
Social engineering is the term used to describe the method of attempting to deceive users into giving out sensitive information about themselves. Unfortunately, social engineering masterminds use people’s social media accounts to try and lure them into giving away details. For example, if you’ve ever participated in a Facebook post asking things like “your rockstar name is the first street you lived on and the model of your first car” you could be unknowingly giving away your secret question to reset a password.
Misuse of intellectual property online
Believe it or not, misuse of your intellectual property online is a real cyber threat that exists. Whether it’s misappropriating trade secrets, infringing your patents or counterfeiting your copyrights, the misuse of your intellectual property can spell disaster for your business success.
We probably don’t need to spell out the implications of having your passwords stolen. Unfortunately, password theft still occurs and can seriously threaten your sensitive information and that of your customers.
Malware is the name given for malicious software and is probably the most prolific cyber threat that exists. Malware installs itself onto your PC system, laptop or even mobile devices and can cause your programming or software to become unresponsive, delete files, forbid access to programs and can even infect other systems.
Ransomware is a form of Malware that, once installed, prevents you from accessing different functionalities until you pay the demanded ‘ransom’. This is similar to what Sarah went through.
What does Cyber Insurance cover?
Cyber Liability insurance cover isn’t a one size fits all policy, in fact, there are various cyber insurance products available to you, to help protect against not just financial loss, but cyber property damage too.
Cyber insurance policies can provide cover for:
- Cyber Extortion. Payment of ransom demands and specialist consultant fees, where a hacker holds, or threatens your network, programs or data.
- Breach costs. Reimbursement of your own costs when a data breach occurs.
- Privacy protection. Third-party claims from a failure to keep data secure.
- Business Interruption. Compensation for lost or reduced revenue (this may include covering the cost of hiring a public relations firm to rebuild your business brand).
- Hacker Damage. Reimbursement for costs to repair, replace or restore systems and data as a result of a hack (optional cover)
- Cyber Liability. Third-party claim as a result of content in email, on the intranet, extranet or website.
For events that Cyber Liability insurance doesn’t cover, we’ve covered it on our cyber liability insurance guide.
What is the best way to protect my business against cyber risk?
Of course, security controls are the first line of defence to reduce cyber risk. Second to this, holding adequate cyber insurance coverage as part of your overall enterprise risk management strategy is the best way to protect your business against cyber risk.
Use a virtual private network (VPN)
VPNs are now becoming more of a household term, and they should be a staple in your business too. VPNs help establish a protected network for your internet connection. They effectively encrypt your web traffic and disguise your identity online, making it harder for malicious third parties to gain access to your information.
Install a Firewall
A firewall is another fantastic way to reduce your cyber risk, by setting up a barrier between trusted and untrusted networks. This helps to monitor and control different network traffic, deciding whether to block or allow certain traffic based on your predetermined rules.
Keep your Antivirus software current
The absolute first line of defence in your cyber security should be the use of anti-virus software. Given that Malware has been around as long as the internet, it proves that these viruses are constantly evolving. Be sure to remain proactive in keeping up to date with the latest anti-virus software to help prevent an unwanted cyber event.
Stay informed by visiting the Australian Cyber Security Centre
The Australian government takes cyber security seriously, which is why they have established the Australian Cyber Security Centre.
You can report any suspected cyber threats by contacting the Australian cyber security hotline on CYBER1(1300 292 371).
Get the right cover through Hunter Broking Group
Regardless of what your business needs are, Hunter Broking Group can source both cyber policies and non-cyber policies to protect your business. We are happy to help you understand your Cyber Liability insurance risk through our advisory services and can work with you to build a strong business insurance safety net.
For a Cyber Liability insurance quote, contact us here.